Wireshark Filters

Wireshark is an application that allows you to capture network traffic, which is very useful when you need to troubleshoot problems or just want to understand how a specific application works. In this post you will find some filters that may help you correctly interpret complete conversations or specific network packets.

If you don't know which error code you are looking for, or if you simply want to list all SMTP errors in the captured SMTP sessions, you must first exclude all the valid codes (2XX) until you end up only with 4XX or 5XX codes.

not smtp.response.code eq 220 and not smtp.response.code eq 221 and not smtp.response.code eq 250 and not smtp.response.code eq 354 and smtp.response.code

When you apply this filter you will end up only with 4XX and/or 5XX error codes, so you will see all SMTP errors within your capture. If the result is blank, it means that no SMTP errors were found in that specific capture.
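To make the logic of that filter concrete, here is an added example (not part of the original post) that re-implements it in Python over a constructed SMTP session transcript instead of a live capture. It shows both the post's approach, which removes each known-good code one by one, and the equivalent of the shorter display filter `smtp.response.code >= 400`. Both agree on real 4XX/5XX errors, but the exclusion list only covers the 2XX/3XX codes the author listed, so a reply such as `235` (authentication successful) would still slip through it; the threshold form does not have that problem. The session text and the helper function names are assumptions made for this example.

```python
"""Added example: the SMTP error filter from the post, applied to a
constructed session transcript rather than a pcap."""
import re
from typing import List, Tuple

# Constructed sample session. "S:" lines are the server replies whose
# three-digit code Wireshark exposes as smtp.response.code.
SESSION_OK_AND_ERRORS = """\
S: 220 mail.example.test ESMTP ready
C: EHLO client.example.test
S: 250-mail.example.test
S: 250 SIZE 10240000
C: MAIL FROM:<alice@example.test>
S: 250 2.1.0 Ok
C: RCPT TO:<nobody@example.test>
S: 550 5.1.1 Recipient address rejected
C: RCPT TO:<bob@example.test>
S: 450 4.7.1 Greylisted, try again later
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: QUIT
S: 221 2.0.0 Bye
"""

# Constructed session whose only unusual code is 235 (AUTH success):
# not an error, but also not on the post's exclusion list.
SESSION_AUTH = """\
S: 220 mail.example.test ESMTP ready
C: EHLO client.example.test
S: 250 AUTH PLAIN
C: AUTH PLAIN <base64-credentials-placeholder>
S: 235 2.7.0 Authentication successful
C: QUIT
S: 221 2.0.0 Bye
"""

# The codes the post's filter removes explicitly.
EXCLUDED_CODES = {220, 221, 250, 354}

# A server reply: "S: ", a 3-digit code, then a space (last line) or a
# hyphen (continuation line of a multi-line reply).
_RESPONSE_RE = re.compile(r"^S: (\d{3})[ -](.*)$")


def parse_responses(session: str) -> List[Tuple[int, str]]:
    """Return (code, text) for every server reply line. Client lines and
    lines without a code are skipped, which plays the role of the trailing
    'and smtp.response.code' term that requires the field to be present."""
    responses = []
    for line in session.splitlines():
        match = _RESPONSE_RE.match(line)
        if match:
            responses.append((int(match.group(1)), match.group(2)))
    return responses


def exclusion_filter(responses: List[Tuple[int, str]]) -> List[Tuple[int, str]]:
    """The post's filter: drop each known-good code by name."""
    return [r for r in responses if r[0] not in EXCLUDED_CODES]


def threshold_filter(responses: List[Tuple[int, str]]) -> List[Tuple[int, str]]:
    """Equivalent of the display filter 'smtp.response.code >= 400':
    keep only 4XX (transient) and 5XX (permanent) replies."""
    return [r for r in responses if r[0] >= 400]


def false_positives(session: str) -> List[Tuple[int, str]]:
    """Replies the exclusion filter keeps even though they are not errors."""
    responses = parse_responses(session)
    errors = threshold_filter(responses)
    return [r for r in exclusion_filter(responses) if r not in errors]


if __name__ == "__main__":
    for name, session in (("normal", SESSION_OK_AND_ERRORS), ("auth", SESSION_AUTH)):
        print(name, "errors:", threshold_filter(parse_responses(session)))
        print(name, "non-errors kept by exclusion list:", false_positives(session))
```

On the first session both filters return exactly the 550 and 450 replies; on the second, the exclusion list keeps the 235 reply while the threshold form correctly returns nothing. In Wireshark itself the same comparison works directly on the field, so `smtp.response.code >= 400` is the shorter and safer way to get the post's result.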

If you need any other filter or need another interpretation of a Wireshark capture you can leave us a comment or send it to our Twitter account: @redinskala where you can also check out more security information and tips.